On 01/03/13 17:25, Grant Edwards wrote:
def lessDangerousEval(expr):
    global symbolTable
    if 'import' in expr:
        raise ParseError("operand expressions are not allowed to contain the string 'import'")
    globals = {'__builtins__': None}
    locals = symbolTable
    return eval(expr, globals, locals)

I can guarantee that symbolTable is a dict that maps a set of string symbol names to integer values.
For what definition of "safe"? Are CPython segfaults a problem? Blowing the stack? Do you aim to prevent exploitable things like system calls or network/file access?
-tkc
